This is a portfolio and learning project. Security fixes are applied to the active develop and main branches.
Open a private advisory or contact the repository owner directly. Do not disclose sensitive findings in public issues.
- CodeQL is enabled through GitHub Actions.
- Dependabot monitors Maven, npm and GitHub Actions dependencies.
- Pull requests should include tests for security-sensitive behavior.
- Secrets must never be committed to the repository.